i'm currently running pulumi up and it's already gone beyond where it was

Not having those issues here with Ruby, I will try out with Node later but I can’t right now. Anyhow, that’s how we do it. We use Ruby to prepare a lot of stuff, like creating new stacks, feeding secrets and configs and etc.

Which brings me to my question I got some issues with a few things Pulumi does before we can actually start migrating over, I am hoping I could get some eyes on this and maybe even suggestions. I am not comfortable with secrets stored in the repo. Encrypted or not. We do store the secrets on Github, but not in the repo, but as Github Action secrets. In fact, we also store configs there as clear text. In the future we would like to store our configs as an .env file and read that into the CI. Is there a way Pulumi could work without config and secrets being defined in the stack.yml file?

@gifted-engine-92308 try this

const { spawn } = require('child_process');
const ls = spawn('pulumi', ['up', '-y']);

ls.stdout.on('data', (data) => {
  console.log(`stdout: ${data}`);
});

ls.stderr.on('data', (data) => {
  console.error(`stderr: ${data}`);
});

ls.on('close', (code) => {
  console.log(`child process exited with code ${code}`);
});

ah ok

Let me know how it works, I’m curious. We wanna switch Ruby to typescript eventually

i'll be trying it within the next 5 mins 🙂

ok - so now I have an error that i can see 🙂

so that method is definitely better

What was the error?

it's something related to cert-manager that's not happening when i run it in terminal so looking into that now

@gifted-engine-92308 Can you check if it’s possible to await an output? Since we check configs for conditionals.

Why does pulumi not realize the instance is gone and stop trying to delete the user?

gcp:sql:User (sellercenter-vtex-gateway-vault):
    error: deleting urn:pulumi:development::sellercenter-vtex-gateway::gcp:sql/user:User::sellercenter-vtex-gateway-vault: Error, failed to deleteuser vault in instance sellercenter-vtex-c7eeaca: googleapi: Error 400: Invalid request: Invalid request since instance is not running., invalid

  gcp:sql:User (sellercenter-vtex-gateway):
    error: deleting urn:pulumi:development::sellercenter-vtex-gateway::gcp:sql/user:User::sellercenter-vtex-gateway: Error, failed to deleteuser sellercenter-vtex-gateway-7acd01a in instance sellercenter-vtex-c7eeaca: googleapi: Error 400: Invalid request: Invalid request since instance is not running., invalid

you might be able to do a pulumi refresh to make it notice

instead of it failing to delete

is there a way to do pulumi preview without it building containers?

Can somebody help with debugging a

400

status code from the CLI? I’m attempting to run:

pulumi config --verbose=3 --stack $PULUMI_STACK --config-file Pulumi.development.yaml --show-secrets --json)

but all I’m seeing is:

error: could not decrypt configuration value: [400] Message authentication failed

I was hoping

--verbose=3

would help a bit but there isn’t any extra information compared to the non-verbose run.

Is there a resource similar to

azure.containerservice.Registry

or data source similar to

gcp.container.getRegistryRepository

for

@pulumi/gitlab

?

How strongly is tagging enforced in Pulumi? I’m concerned over the amount of resources created and no way to track them in the AWS console. We don’t issue deletion/destroying via Pulumi but manually via the AWS console and want to keep it that way.

Can a stack have several projects? It seems a little odd to see already existing stacks suggested for new projects (my understanding of a project is just an index file and a mapped runtime (i.e. nodejs).

Can someone help me with CI and AWS. I am a bit confused over how to deal with Roles/IAM/RBAC for setting up the infrastructure in such way that staging and dev branches are different from prod in terms of rights

I'm getting an odd error when trying to run `pulumi up`:

error: Missing required configuration variable 'poc-pulumi:aws:region'

. When I do what the error describes and set:

pulumi config set poc-pulumi:aws:region us-east-1

, I get another error telling me the format is invalid: `error: invalid configuration key: could not parse poc-pulumiawsregion as a configuration key (configuration keys should be of the form

<namespace>:<name>

)`

Digital ocean’s managed k8s service refreshes its certificates every week. I authenticate via my digital ocean access token and can still access my pods, but this isn’t working with Pulumi. I'm unable to make updates to the cluster or to my applications. When I attempt to refresh I get this error:

unable to load schema information from the API server: the server has asked for the client to provide credentials

From what I’ve read Pulumi auths to k8s using either ~/.kube/config or $KUBECONFIG. Given that I have a recently updated kube config and can connect to my cluster I don’t understand why Pulumi is failing. I’m thinking the issue could be with the way I export the provider in the project that creates the basic cluster:

export const kubeconfig = cluster.kubeConfigs[0].rawConfig
const provider = new kubernetes.Provider(project_name, { kubeconfig })

I removed the cluster bootstrapping (container registry login stuff, etc) that was dependent upon the provider and ran

pulumi update -v 5 --debug

. I hoped this would update the kubeconfig being used by the other projects that deploy my apps. All I got from the attempted update was a vague error and an outputted kube config file:

error: an unhandled error occurred: Program exited with non-zero exit code: -1

What is the recommended way to deal with the k8s digitalocean certificate rotation, both from managing the base cluster and for the applications that will deploy to it? I took a look at the Terraform documentation here but am not sure how to translate this to Pulumi: https://www.terraform.io/docs/providers/do/r/kubernetes_cluster.html#kubernetes-terraform-provider-example I’ve been stuck on this for a while, any assistance would be greatly appreciated :-)

When authenticating to Azure with a service principal, I set the required environment variables as stated in the docs, however I get this error when I run

pulumi up

at the stage of creating an AAD application in my pulumi code.

error: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2019-12-23T18:15:51","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":""}}]

Please, is there any additional permission I need to give the service principal in active directory?

Any Windows users out there? I'm running PowerShell on my mac and Pulumi doesn't seem to like how the arrow keys are handled. Pressing up or down after a plan throws this:

Do you want to perform this update?
  yes
> no
  details
error: confirmation cancelled, not proceeding with the update: Unexpected Escape Sequence: ['\x1b' 'O']

Wondering if this is a PowerShell + macOS thing or just PowerShell in general.

I noticed pulumi exposes the node aws-sdk through

new aws.sdk.S3()

like calls. If I have an aws.Provider with set credentials is there a way to use that to create sdk clients? This is for multi-account programs.

The pulumi-command provider I am building breaks if something is a secret. This line returns the error “Could not convert input: cannot convert *structpb.Struct to string”. This makes sense because pulumi secrets in state are objects instead of strings. Is there a way to have pulumi pass the secret in the clear and have it handle the string->object conversion? https://github.com/brandonkal/pulumi-command/blob/master/pkg/structpbconv/structpbconv.go#L119

Why did Pulumi decide to choose Typescript as their language of preference? Python and Go adoption is far ahead for DevOps, Cloud Infrastructure, and backend/platform teams. Part of my job is empowering the more junior engineers to learn languages that will help them advance their careers and I don’t see Typescript doing that.

I'm pretty sure that there are at least a few people hiring node.js developers in the world 😅